Tor: Overview


The Tor network is a group of volunteer-operated servers that allows people
to improve their privacy and security on the Internet. Tor's users employ
this network by connecting through a series of virtual tunnels rather than
making a direct connection, thus allowing both organizations and
individuals to share information over public networks without compromising
their privacy. Along the same line, Tor is an effective censorship
circumvention tool, allowing its users to reach otherwise blocked
destinations or content. Tor can also be used as a building block for
software developers to create new communication tools with built-in privacy
features.

Individuals use Tor to keep websites from tracking them and their family
members, or to connect to news sites, instant messaging services, or the
like when these are blocked by their local Internet providers. Tor's onion services
let users publish web sites and other services without needing to reveal
the location of the site. Individuals also use Tor for socially sensitive
communication: chat rooms and web forums for rape and abuse survivors,
or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and
dissidents. Non-governmental organizations (NGOs) use Tor to allow their
workers to connect to their home website while they're in a foreign
country, without notifying everybody nearby that they're working with
that organization.

Groups such as Indymedia recommend Tor for safeguarding their members'
online privacy and security. Activist groups like the Electronic Frontier
Foundation (EFF) recommend Tor as a mechanism for
maintaining civil liberties online. Corporations use Tor as a safe way
to conduct competitive analysis, and to protect sensitive procurement
patterns from eavesdroppers. They also use it to replace traditional
VPNs, which reveal the exact amount and timing of communication. Which
locations have employees working late? Which locations have employees
consulting job-hunting websites? Which research divisions are communicating
with the company's patent lawyers?

A branch of the U.S. Navy uses Tor for open source intelligence
gathering, and one of its teams used Tor while deployed in the Middle
East recently. Law enforcement uses Tor for visiting or surveilling
web sites without leaving government IP addresses in their web logs,
and for security during sting operations.

Using Tor protects you against a common form of Internet surveillance
known as "traffic analysis." Traffic analysis can be used to infer
who is talking to whom over a public network. Knowing the source
and destination of your Internet traffic allows others to track your
behavior and interests. This can impact your checkbook if, for example,
an e-commerce site uses price discrimination based on your country or
institution of origin. It can even threaten your job and physical safety
by revealing who and where you are. For example, if you're travelling
abroad and you connect to your employer's computers to check or send mail,
you can inadvertently reveal your national origin and professional
affiliation to anyone observing the network, even if the connection
is encrypted.

How does traffic analysis work? Internet data packets have two parts:
a data payload and a header used for routing. The data payload is
whatever is being sent, whether that's an email message, a web page, or an
audio file. Even if you encrypt the data payload of your communications,
traffic analysis still reveals a great deal about what you're doing and,
possibly, what you're saying. That's because it focuses on the header,
which discloses source, destination, size, timing, and so on.

A basic problem for the privacy minded is that the recipient of your
communications can see that you sent it by looking at headers. So can
authorized intermediaries like Internet service providers, and sometimes
unauthorized intermediaries as well. A very simple form of traffic
analysis might involve sitting somewhere between sender and recipient on
the network, looking at headers.

But there are also more powerful kinds of traffic analysis. Some
attackers spy on multiple parts of the Internet and use sophisticated
statistical techniques to track the communications patterns of many
different organizations and individuals. Encryption does not help against
these attackers, since it only hides the content of Internet traffic, not
the headers.

Tor helps to reduce the risks of both simple and sophisticated traffic
analysis by distributing your transactions over several places on the
Internet, so no single point can link you to your destination. The idea
is similar to using a twisty, hard-to-follow route in order to throw off
somebody who is tailing you — and then periodically erasing your
footprints. Instead of taking a direct route from source to
destination, data packets on the Tor network take a random pathway
through several relays that cover your tracks so no observer at any
single point can tell where the data came from or where it's going.

To create a private network pathway with Tor, the user's software or
client incrementally builds a circuit of encrypted connections through
relays on the network. The circuit is extended one hop at a time, and
each relay along the way knows only which relay gave it data and which
relay it is giving data to. No individual relay ever knows the
complete path that a data packet has taken. The client negotiates a
separate set of encryption keys for each hop along the circuit to ensure
that each hop can't trace these connections as they pass through.
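The layered encryption this paragraph describes, as an added example that is not Tor's code: a toy simulation in Python in which the client holds a separate key for every relay, wraps the message in one layer per hop, and each relay strips only its own layer, learning just the hop before it and the hop after it. The cipher is a stand-in (a SHA-256 counter keystream XORed into the data) rather than Tor's AES-CTR, the per-hop keys are simply generated at random instead of coming from a handshake, and the relay names, the null-byte framing of each layer and the 16-byte nonce are assumptions made for the example.

```python
# Added example, not Tor's own code: a toy model of per-hop layered
# encryption. Assumptions: relay/destination names contain no NUL byte,
# each layer is  next_hop || 0x00 || inner  under that relay's key, and the
# cipher is a SHA-256 counter keystream (a stand-in for Tor's AES-CTR).
import hashlib
import os
from typing import Dict, List, Tuple

NONCE_LEN = 16  # per-layer random nonce, prepended to the layer's ciphertext


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256; toy cipher for illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_layer(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt_layer(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def build_onion(path: List[str], keys: Dict[str, bytes],
                destination: str, payload: bytes) -> bytes:
    """Client side: the exit's layer is built first and the guard's last, so
    the guard's key removes the outermost layer and the exit's the innermost."""
    next_hops = path[1:] + [destination]  # the exit's "next hop" is the destination
    packet = payload
    for relay, nxt in reversed(list(zip(path, next_hops))):
        packet = encrypt_layer(keys[relay], nxt.encode() + b"\x00" + packet)
    return packet


def relay_process(relay_key: bytes, packet: bytes, previous_hop: str) -> Tuple[dict, bytes]:
    """Relay side: strip one layer. Returns what the relay learns (previous and
    next hop only) and the still-encrypted remainder it forwards."""
    inner = decrypt_layer(relay_key, packet)
    next_hop, _, forward = inner.partition(b"\x00")
    return {"from": previous_hop, "to": next_hop.decode()}, forward


def run_circuit(path: List[str], keys: Dict[str, bytes],
                destination: str, payload: bytes):
    """Push one payload through the circuit, recording each relay's view and
    whether the destination name was visible on the wire entering that relay."""
    onion = build_onion(path, keys, destination, payload)
    views, visible = {}, {}
    previous, packet = "client", onion
    for relay in path:
        visible[relay] = destination.encode() in packet  # wire bytes entering this relay
        views[relay], packet = relay_process(keys[relay], packet, previous)
        previous = relay
    return views, visible, packet  # packet is now the plaintext for the destination


def demo():
    path = ["guard", "middle", "exit"]
    keys = {relay: os.urandom(32) for relay in path}  # one key per hop (random here)
    return run_circuit(path, keys, "example.com:443", b"GET / HTTP/1.1\r\n")


if __name__ == "__main__":
    views, visible, delivered = demo()
    for relay in ["guard", "middle", "exit"]:
        print(relay, "learns", views[relay], "| destination on wire:", visible[relay])
    print("delivered:", delivered)
```

Two simplifications to keep in mind when reading the output: the toy packet shrinks by one header at each hop, whereas Tor moves fixed-size cells so a relay cannot infer its position in the circuit from the length, and the toy cipher has no integrity check, whereas Tor's cells do.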

Once a circuit has been established, many kinds of data can be exchanged
and several different sorts of software applications can be deployed
over the Tor network. Because each relay sees no more than one hop in
the circuit, neither an eavesdropper at a single point nor a single
compromised relay can use traffic analysis to link the connection's
source and destination. Tor carries only TCP streams, and any
application with SOCKS support can use it.
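The SOCKS interface just mentioned is the whole of what an application needs to speak to use Tor. As an added example (not Tor's code), the following Python builds and parses the SOCKS5 messages (RFC 1928, with the RFC 1929 username/password sub-negotiation) an application exchanges with a local Tor client. The builders and parser run offline; only open_via_tor() touches the network, and it assumes a tor daemon listening on 127.0.0.1:9050 (the tor bundled with Tor Browser listens on 9150 instead). The two security details worth noticing are that the hostname is passed to Tor unresolved, so the DNS lookup happens at the exit rather than leaking to the local resolver, and that a (username, password) pair, which Tor does not check, asks Tor to put the stream on a separate circuit (the IsolateSOCKSAuth behaviour, on by default).

```python
# Added example, not Tor's code: the SOCKS5 (RFC 1928/1929) handshake an
# application performs against a local Tor client's SOCKS port. Assumes a
# tor daemon on 127.0.0.1:9050; only open_via_tor() touches the network.
import socket
import struct
from typing import Optional, Tuple

SOCKS_VER = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
METHOD_NOAUTH, METHOD_USERPASS = 0x00, 0x02
REPLY_TEXT = {
    0x00: "succeeded", 0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
    0x04: "host unreachable", 0x05: "connection refused", 0x06: "TTL expired",
    0x07: "command not supported", 0x08: "address type not supported",
}


def greeting(use_auth: bool = False) -> bytes:
    """VER, NMETHODS, METHODS: offer exactly one authentication method."""
    return bytes([SOCKS_VER, 1, METHOD_USERPASS if use_auth else METHOD_NOAUTH])


def userpass_auth(username: str, password: str) -> bytes:
    """RFC 1929 sub-negotiation. Tor accepts any credentials and, with
    IsolateSOCKSAuth (on by default), gives different credentials different
    circuits, so two activities can be kept on separate paths."""
    u, p = username.encode(), password.encode()
    if not 1 <= len(u) <= 255 or not 1 <= len(p) <= 255:
        raise ValueError("username and password must each be 1..255 bytes")
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p


def connect_request(host: str, port: int) -> bytes:
    """CONNECT with the hostname itself (ATYP 0x03). Resolving it locally first
    would leak the destination to the local DNS resolver, and .onion names
    cannot be resolved locally at all; Tor resolves the name at the exit."""
    name = host.encode("ascii")
    if not 1 <= len(name) <= 255 or not 0 < port < 65536:
        raise ValueError("hostname must be 1..255 ASCII bytes, port 1..65535")
    return (bytes([SOCKS_VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def parse_reply(data: bytes) -> Tuple[int, str, str, int]:
    """Parse VER REP RSV ATYP BND.ADDR BND.PORT -> (status, text, addr, port)."""
    if len(data) < 4 or data[0] != SOCKS_VER:
        raise ValueError("not a SOCKS5 reply")
    status, atyp = data[1], data[3]
    if atyp == ATYP_IPV4 and len(data) >= 10:
        addr, tail = socket.inet_ntop(socket.AF_INET, data[4:8]), data[8:10]
    elif atyp == ATYP_IPV6 and len(data) >= 22:
        addr, tail = socket.inet_ntop(socket.AF_INET6, data[4:20]), data[20:22]
    elif atyp == ATYP_DOMAIN and len(data) >= 5 and len(data) >= 7 + data[4]:
        n = data[4]
        addr, tail = data[5:5 + n].decode("ascii"), data[5 + n:7 + n]
    else:
        raise ValueError("malformed or truncated SOCKS5 reply")
    port = struct.unpack("!H", tail)[0]
    return status, REPLY_TEXT.get(status, "unknown reply code"), addr, port


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def open_via_tor(host: str, port: int, proxy=("127.0.0.1", 9050),
                 isolation: Optional[Tuple[str, str]] = None) -> socket.socket:
    """Return a TCP socket whose far end is host:port, reached through Tor.
    `isolation` is any (username, password) pair; it only requests a separate
    circuit. This is the one function here that touches the network."""
    wanted = METHOD_USERPASS if isolation else METHOD_NOAUTH
    sock = socket.create_connection(proxy, timeout=60)
    try:
        sock.sendall(greeting(use_auth=isolation is not None))
        ver, method = _recv_exact(sock, 2)
        if ver != SOCKS_VER or method != wanted:
            raise ConnectionError("proxy rejected the offered SOCKS method")
        if isolation:
            sock.sendall(userpass_auth(*isolation))
            if _recv_exact(sock, 2)[1] != 0x00:
                raise ConnectionError("proxy rejected SOCKS credentials")
        sock.sendall(connect_request(host, port))
        head = _recv_exact(sock, 4)  # VER REP RSV ATYP, then a variable address
        if head[3] == ATYP_IPV4:
            body = _recv_exact(sock, 6)
        elif head[3] == ATYP_IPV6:
            body = _recv_exact(sock, 18)
        else:
            length = _recv_exact(sock, 1)
            body = length + _recv_exact(sock, length[0] + 2)
        status, text, _, _ = parse_reply(head + body)
        if status != 0x00:
            raise ConnectionError(f"SOCKS CONNECT failed: {text}")
        return sock
    except Exception:
        sock.close()
        raise
```

A typical call is open_via_tor("example.com", 443, isolation=("tab-a", "x")) followed by wrapping the returned socket in TLS; a second call with isolation=("tab-b", "x") lands on a different circuit. Remember that only the TCP stream is protected: the application still has to avoid leaking its identity in what it sends.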

For efficiency, the Tor software uses the same circuit for connections
that happen within the same ten minutes or so. Later requests are given a
new circuit, to keep people from linking your earlier actions to the new
ones.

Tor can't solve all anonymity problems. It focuses only on
protecting the transport of data. You need to use protocol-specific
support software if you don't want the sites you visit to see your
identifying information. For example, you can use Tor Browser
while browsing the web to withhold some information about your computer's
configuration.

Also, to protect your anonymity, be smart. Don't provide your name
or other revealing information in web forms. Be aware that, like all
anonymizing networks that are fast enough for web browsing, Tor does not
provide protection against end-to-end timing attacks: If your attacker
can watch the traffic coming out of your computer, and also the traffic
arriving at your chosen destination, he can use statistical analysis to
discover that they are part of the same circuit.
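Both the "sophisticated statistical techniques" described earlier and the end-to-end timing attack in this paragraph come down to one computation, which the following added example (Python, not Tor's code) works through on constructed data: two clients each send bursty traffic, the observer records packet timestamps at one client's uplink and at two destinations, bins the timestamps into windows, and checks which destination's volume lines up with the client's after the right delay. Encryption and onion routing change none of the numbers involved. The traffic model (random bursts of 5 to 15 packets, a 350 ms path latency with ±15 ms jitter), the 100 ms bin width and the 0 to 1 s delay search are all assumptions made for the example.

```python
# Added example, not Tor's code: end-to-end timing correlation on constructed
# traces. Assumptions: bursty traffic (random bursts of 5..15 packets 2 ms
# apart), 350 ms latency with +/-15 ms jitter between client and destination,
# 100 ms bins, and a delay search over 0..1 s in 10 ms steps.
import math
import random
from typing import Dict, List, Tuple


def make_bursty_trace(rng: random.Random, duration: float, n_bursts: int) -> List[float]:
    """Packet send times at a client: web-like bursts at random moments."""
    times = []
    for _ in range(n_bursts):
        start = rng.uniform(0.0, duration)
        times.extend(start + i * 0.002 for i in range(rng.randint(5, 15)))
    return sorted(times)


def observe_at_destination(times: List[float], rng: random.Random,
                           latency: float = 0.35, jitter: float = 0.015) -> List[float]:
    """The same packets as seen arriving at the destination after the circuit's
    delay. Only timing is kept; nothing about the (encrypted) content is used."""
    return sorted(t + latency + rng.uniform(-jitter, jitter) for t in times)


def bin_counts(times: List[float], bin_width: float, n_bins: int) -> List[int]:
    counts = [0] * n_bins
    for t in times:
        i = int(t / bin_width)
        if 0 <= i < n_bins:
            counts[i] += 1
    return counts


def pearson(a: List[int], b: List[int]) -> float:
    n = len(a)
    mean_a, mean_b = sum(a) / n, sum(b) / n
    cov = sum((x - mean_a) * (y - mean_b) for x, y in zip(a, b))
    var_a = sum((x - mean_a) ** 2 for x in a)
    var_b = sum((y - mean_b) ** 2 for y in b)
    if var_a == 0.0 or var_b == 0.0:
        return 0.0
    return cov / math.sqrt(var_a * var_b)


def best_offset(client: List[float], dest: List[float], duration: float,
                bin_width: float = 0.1, max_offset: float = 1.0,
                step: float = 0.01) -> Tuple[float, float]:
    """Slide the destination trace back by each candidate delay and return the
    (delay, correlation) pair that lines up best with the client trace."""
    n_bins = int(duration / bin_width)
    c = bin_counts(client, bin_width, n_bins)
    best = (0.0, -1.0)
    for k in range(int(round(max_offset / step)) + 1):
        offset = k * step
        d = bin_counts([t - offset for t in dest], bin_width, n_bins)
        r = pearson(c, d)
        if r > best[1]:
            best = (offset, r)
    return best


def demo(seed: int = 7) -> Dict[str, Tuple[float, float]]:
    """Alice and Bob both use Tor; the observer taps Alice's uplink and two
    destinations and asks which destination Alice's traffic lines up with."""
    rng = random.Random(seed)  # fixed seed: constructed, reproducible data
    duration = 120.0
    alice = make_bursty_trace(rng, duration, 80)
    bob = make_bursty_trace(rng, duration, 80)
    site_a = observe_at_destination(alice, rng)  # Alice's circuit really ends here
    site_b = observe_at_destination(bob, rng)    # Bob's traffic, the decoy
    return {"alice vs site_a": best_offset(alice, site_a, duration),
            "alice vs site_b": best_offset(alice, site_b, duration)}


if __name__ == "__main__":
    for pair, (delay, r) in demo().items():
        print(f"{pair}: best delay {delay:.2f}s, correlation {r:.2f}")
```

The true pair comes out with a correlation close to 1 at a delay of about 0.35 s, while the decoy stays near zero at every delay; the attacker never needed to read a byte of payload. The defence the paragraph hints at (padding and delays that smear the bursts) costs latency, which is why Tor, being fast enough for web browsing, does not provide it.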

Providing a usable anonymizing network on the Internet today is an
ongoing challenge. We want software that meets users' needs. We also
want to keep the network up and running in a way that handles as many
users as possible. Security and usability don't have to be at odds:
As Tor's usability increases, it will attract more users, which will
increase the possible sources and destinations of each communication,
thus increasing security for everyone.
We're making progress, but we need your help. Please consider running a
relay or volunteering as a developer.

Ongoing trends in law, policy, and technology threaten anonymity as never
before, undermining our ability to speak and read freely online. These
trends also undermine national security and critical infrastructure by
making communication among individuals, organizations, corporations,
and governments more vulnerable to analysis. Each new user and relay
provides additional diversity, enhancing Tor's ability to put control
over your security and privacy back into your hands.